Tech groups renew push for cloud, email privacy protections

This may finally be the year that the U.S. Congress gives email and other documents stored in the cloud for several months the same privacy protections from police searches as newer files or paper records stored in a file cabinet, say backers of electronic privacy reform.

A coalition of tech companies, digital rights advocates and other groups on Wednesday renewed their call for Congress to change a 29-year-old electronic privacy law called the Electronic Communications Privacy Act [ECPA].

Members of the Digital Fourth coalition have been pushing since 2010 for Congress to change ECPA by requiring law enforcement agencies to get a judge-approved warrant before getting access to a suspect's digital files stored with a third party for more than 180 days.

Law enforcement agencies need a warrant to get their hands on paper files stored in a suspect's home or office and electronic files stored for less than 180 days. But under ECPA, police agencies need only a subpoena, not reviewed by a judge, to demand files stored in the cloud for longer than 180 days.

For privacy protections guaranteed by the U.S. Constitution's Fourth Amendment, "there shouldn't be difference between your digital file cabinet and a file cabinet in your home," Katie McAuliffe, manager of federal affairs for conservative group Americans for Tax Reform, said Wednesday. "The problem is the government wants to get to your personal documents without your knowledge."

While bills introduced in Congress during the last five years failed to pass, members of the ECPA reform coalition said they're optimistic about legislation passing soon. Momentum for changing ECPA has been building in Congress, Chris Calabrese, senior director for policy at the Center for Democracy and Technology, said during a briefing for the media and for congressional staff.

With more than half of the House co-sponsoring the bill, that "sounds like an easy path to me," McAuliffe said.

ECPA reform bills in past sessions of Congress have run into some opposition from the U.S. Securities and Exchange Commission, which conducts investigations using subpoenas but has no warrant-seeking authority. The SEC's concerns are minor, given that the agency generally seeks documents direct from the subjects of its investigations, countered David Lieber, senior privacy policy counsel for Google.

Other U.S. agencies, including the Department of Justice and FBI, have voiced support for the proposed changes to ECPA in recent years, and the proposed changes have broad support in the tech industry and across political lines, coalition members said.

After a year and a half of revelations about surveillance programs at the U.S. National Security Agency, ECPA reform is a step Congress could take to show voters, and other countries, that it is concerned about electronic privacy, Lieber added.

"This is low-hanging fruit on the surveillance tree," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.